Security service providers may maintain a database of information describing the security of files. A user who has downloaded a file, or is considering downloading the file, may query the security service provider to obtain information about the security of the file from the database. It is increasingly common for colossal numbers of users to request a same file or a same set of files within a short period of time. This phenomena may be triggered by a software distributor releasing a new application or a new patch update. In some instances, millions of users may query for an indication of the security of each file included in a new application or patch update within a few hours. Thus, security service providers resort to scaling backend telemetry architecture to handle such staggering spikes in query volume. If the backend telemetry architecture is insufficient, a large spike in query volume may saturate the servers of security service providers such that the servers are unable to respond to new queries. Accordingly, the instant disclosure identifies a need for improved systems and methods for anticipating and responding to spikes in query volume.